Posted on 2008-06-25
A large MS Word (Office 2003, SP 3) document that I work on regularly appears to have been infected with a trojan this morning. I'm running ESET / NOD32 (v3217 (20080625)). This was the NOD32 warning:
Time Module Object Name Threat Action User Information
6/25/2008 9:48:59 AM AMON file <full path> a variant of Win32/Exploit.MSWord.Smtag trojan <machine name>\jdana Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
NOD32 was unable to clean the file. The error message simply reads, "Unable to clean."
Here's the interesting twist: The file was reported infected after the 3217 update. The 3218 update arrived minutes ago, and suddenly NOD32 reports the file is clean. Was I looking at a "false positive" from NOD32? Is there an online tool I can use to verify the file is, in fact, clean?